Whitelist advice, correct way to minimize score

Karol Augustin karol at augustin.pl
Mon Feb 5 12:38:17 CET 2018 

On 2018-02-05 11:26, chaouche yacine wrote:
> From: Karol Augustin <karol at augustin.pl>
> To: amavis-users at amavis.org
> Sent: Monday, February 5, 2018 12:09 PM
> Subject: Re: Whitelist advice, correct way to minimize score
> 
>> On 2018-02-05 10:11, chaouche yacine wrote:
> 
>>> I recently had to whitelist an IP that belongs to one of our machines (kaspersky center sending reports by e-mail), but I didn't know how to do that with amavis and did it with postfix instead.
>>> Is there an equivalent of 'whitelist_from_spf' for IPs ? or does it accept an IP as argument ?
>>>
>>> Yassine.
> 
>> I don't know what you mean whitelist_from_spf for ip addresses.
> 
> I want to allow all mail from [IP address]. This host doesn't have a
> domain name.
> 
> I see two solutions : 
> + one is to find a 'whitelist' configuration option that understands
> IP addresses.
> + two is to add the IP address to my spf record.
> 
>> If you don't know the email address or want to whitelist all mail
>> relayed by this host you can use:
>> whitelist_from_rcvd *@* [XXX.XXX.XXX.XXX]
> 
> Thanks Karol, this is probably my solution 1. Although now that I
> think of it, I should be doing two. What do you think ?

It's definitely cleaner to add this IP to SPF as it is sending email for
that domain. Than you can use whitelist_from_spf and it will cover all
spf-authenticated email from your domain, which depending on your
use-case and configuration might be a good idea.

I have for example both inbound and outbound filtering set up in case
one of my user accounts get compromised I can filter some spam before I
block the account.

I would add IP of this server to spf anyway and than use:
whitelist_from_rcvd address at example.com [XXX.XXX.XXX.XXX], this way I
will whitelist e-mail coming from this server from the address(es) that
this server is sending from and also have SPF_PASS which, on it's own,
is not impacting the score much.

I believe that if you need to whitelist all your originating email
because it's hitting so many rules that is going to spam, you're doing
something wrong. But YMMV of course.

k.


-- 
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312

More information about the amavis-users mailing list